These OOM changes are related AAF Integration

Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments

Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4

3 files changed, 26 insertions, 16 deletions

diff --git a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
index 44544f49e7..8d02cc1f5c 100755
--- a/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/resources/config/overrides/override.yaml
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 aai:
-  auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+  auth: {{.Values.aai.auth}}
 server:
   port: {{ index .Values.containerPort }}
 spring:
@@ -44,20 +44,22 @@ request:
       pool-name: reqdb-pool
       registerMbeans: false
 mso:
-  msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+  msoKey: {{ index .Values.mso.msoKey }}
   logPath: ./logs/sdc
+  config:
+     cadi: {{ include "cadi.keys" . | nindent 8}}
   catalog:
     db:
       spring:
         endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
   db:
-    auth: Basic YnBlbDpwYXNzd29yZDEk
+    auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   site-name: onapheat
   camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
   adapters:
     requestDb:
       endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
-      auth: Basic YnBlbDpwYXNzd29yZDEk
+      auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
   aai:
     endpoint: https://aai.{{ include "common.namespace" . }}:8443
   asdc-connections:
@@ -67,7 +69,7 @@ mso:
       consumerId: SO-COpenSource-Env11
       environmentName: AUTO
       asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
-      password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+      password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
       pollingInterval: 60
       pollingTimeout: 60
       relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
@@ -82,7 +84,7 @@ mso:
     config:
       activity:
         endpoint: http://sdc-wfd-be:8080
-      key: 566B754875657232314F5548556D3665
+      key: {{ .Values.mso.asdc.config.key }}
       components:
         count: 3,
         componentNames: SO,AAI,SDNC
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
index d873beb62c..b57205223e 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/templates/configmap.yaml
@@ -15,6 +15,7 @@ apiVersion: v1
 data:
   LOG_PATH: {{ index .Values.logPath }}
   APP: {{ index .Values.app }}
+  ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
 kind: ConfigMap
 metadata:
   name: {{ include "common.fullname" . }}-configmap
diff --git a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
index 931a89516b..91e9be6376 100755
--- a/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
+++ b/kubernetes/so/charts/so-sdc-controller/templates/deployment.yaml
@@ -85,6 +85,22 @@ spec:
             secretKeyRef:
               name: {{ include "common.release" . }}-so-db-secrets
               key: mariadb.admin.password
+         {{- if eq .Values.global.security.aaf.enabled true }}
+        - name: TRUSTSTORE
+          value: /app/org.onap.so.trust.jks
+        - name: TRUSTSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: trustStorePassword
+        - name: KEYSTORE
+          value: /app/org.onap.so.jks
+        - name: KEYSTORE_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Release.Name}}-so-client-certs-secret
+              key: keyStorePassword
+        {{- end }}
         envFrom:
         - configMapRef:
             name: {{ include "common.fullname" . }}-configmap
@@ -95,16 +111,7 @@ spec:
         - name: config
           mountPath: /app/config
           readOnly: true
-        livenessProbe:
-          httpGet:
-            path: {{- index .Values.livenessProbe.path|indent 2}}
-            port: {{ index .Values.containerPort }}
-            scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
-          initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
-          periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
-          timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
-          successThreshold: {{ index .Values.livenessProbe.successThreshold}}
-          failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
         ports:
         - containerPort: {{ index .Values.containerPort }}
           name: {{ .Values.service.portName }}